[lxc-users] is starting unprivileged containers as root as secure as running them as any other user?
Carlos Alberto Lopez Perez
clopez at igalia.com
Mon Jan 11 22:28:37 UTC 2016

On 11/01/16 23:13, Serge Hallyn wrote:
> Quoting david.andel at bli.uzh.ch (david.andel at bli.uzh.ch):
>> Hmm, this is interesting.
>> I am running my container from the unprivileged user 'lxduser' and yet:
>>
>> root at qumind:~# ps -ef | grep '[l]xc monitor'
>> root 7609 1 0 11:54 ? 00:00:00 [lxc monitor] /var/lib/lxd/containers pgroonga
>>
>> What is wrong here?
>
> You're using lxd. Lxd runs as root. You are not starting the
> containers as 'lxduser' - you are making requests as 'lxduser' for
> the root-owned process 'lxd' to start the containers.

I understood that LXD uses unprivileged containers by default...
Does this mean that LXD is starting the unprivileged containers as root?